At SC Congress Toronto, Dave Lewis, global security advocate at Akamai, highlighted distributed denial-of-service (DDoS) attack trends that the security firm has seen over the past year, including saboteurs' penchant for targeting unsecured devices, like routers, to further their campaigns.
In addition to attacking Joomla servers and other software-as-a-service (SaaS) apps, Lewis shared on Thursday that “home routers are getting hit like crazy, because people tend not to look at them,” or do anything about securing these devices from threat actors.
“You can enslave them into a botnet, so they are used for a [DDoS] attack platform,” Lewis noted. The security expert also pointed out the increased commoditization of DDoS attacks by various groups, including Lizard Squad, which have offered malicious services in monthly packages, from $5.99 (in Bitcoin) for 100 seconds of DDoS attacks to $69.99 for 7,200 seconds of traffic fire aimed at targets.
In February, Akamai's Prolexic Security Engineering & Research Team (PLXsert) worked with PhishLabs' Research, Analysis, and Intelligence Division to analyze malicious traffic coming from multiple Joomla websites, and uncovered a DDoS attack campaign that took advantage of Joomla servers with a vulnerable Google Maps plug-in installed. PLXsert determined at the time, that attackers were able to use the servers as DDoS zombies because the flaw allowed the plug-in to act as a proxy, masking the origin of the attacks.
Lewis encouraged organizations to take a number of steps to defend themselves against these attacks, including patching their systems and working with their service providers on mitigation strategies.